From adc8c6158715734321ba3ad784beeb1304137101 Mon Sep 17 00:00:00 2001 From: Eric Liu Date: Tue, 3 Jun 2025 23:33:13 -0700 Subject: [PATCH 1/2] update for nightly builds --- .github/workflows/nightly.yml | 31 +++++++++++++++++++++++++++++++ src/.goreleaser.yml | 17 +++-------------- src/Makefile | 6 ++++++ src/bin/codesign.sh | 5 +++++ src/bin/notarize.sh | 5 +++++ 5 files changed, 50 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/nightly.yml diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 000000000..b090ddce4 --- /dev/null +++ b/.github/workflows/nightly.yml @@ -0,0 +1,31 @@ +name: Nightly Build + +on: + schedule: + - cron: '0 6 * * *' # every day at 6 AM UTC + workflow_dispatch: # optional: allows manual runs + +jobs: + goreleaser-nightly: + runs-on: ubuntu-latest + + steps: + # Checkout the repository + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + # Get go + - uses: actions/setup-go@v5 + with: + go-version: '1.22' + + # Execute goreleaser nightly run (see .goreleaser.yml nightly for details) + - uses: goreleaser/goreleaser-action@v5 + with: + distribution: goreleaser-pro + version: latest + args: release --clean --nightly + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }} \ No newline at end of file diff --git a/src/.goreleaser.yml b/src/.goreleaser.yml index 9b4a2fe2e..cb192812b 100644 --- a/src/.goreleaser.yml +++ b/src/.goreleaser.yml @@ -150,18 +150,7 @@ announce: enabled: true nightly: - # Default: `{{ incpatch .Version }}-{{ .ShortCommit }}-nightly`. - # Templates: allowed. - # version_template: "{{ incpatch .Version }}-devel" - - # Tag name to create if publish_release is enabled. - # tag_name: devel - - # Whether to publish a release or not. - # Only works on GitHub. + tag_name: devel publish_release: true - - # Whether to delete previous pre-releases for the same `tag_name` when - # releasing. - # This allows you to keep a single pre-release. - # keep_single_release: true + keep_single_release: true + version_template: "{{ incpatch .Version }}-{{ .ShortCommit }}-nightly" \ No newline at end of file diff --git a/src/Makefile b/src/Makefile index 44d03796c..5bfadfffc 100644 --- a/src/Makefile +++ b/src/Makefile @@ -111,3 +111,9 @@ push-images: images login ## Push all docker images .PHONY: login login: ## Login to docker @docker login + +.PHONY: nightly-local +nightly-local: ## Used for local testing of goreleaser nightly run + GORELEASER_ALLOW_DIRTY=true GORELEASER_LOG=debug \ + goreleaser release --nightly --clean \ + --skip=publish,announce,sign,notarize,validate \ No newline at end of file diff --git a/src/bin/codesign.sh b/src/bin/codesign.sh index d3f27ab51..fd77b81c0 100755 --- a/src/bin/codesign.sh +++ b/src/bin/codesign.sh @@ -1,6 +1,11 @@ #!/bin/sh set -e +if [ "$SNAPSHOT" == "true" ]; then + echo "SNAPSHOT only build." + exit 0 +fi + # Bail if we didn't get one (and only one) argument if [ $# -ne 1 ]; then echo "Usage: $0 " diff --git a/src/bin/notarize.sh b/src/bin/notarize.sh index 8c90d4cee..deca4e82e 100755 --- a/src/bin/notarize.sh +++ b/src/bin/notarize.sh @@ -1,6 +1,11 @@ #!/bin/sh set -e +if [ "$SNAPSHOT" == "true" ]; then + echo "SNAPSHOT only build." + exit 0 +fi + # Bail if we didn't get one (and only one) argument if [ $# -ne 1 ]; then echo "Usage: $0 " From f95c300fc48917bb9d44c0df6b6ad5e47819de0b Mon Sep 17 00:00:00 2001 From: Eric Liu Date: Thu, 5 Jun 2025 12:09:22 -0700 Subject: [PATCH 2/2] Potential fix for code scanning alert no. 7: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/nightly.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index b090ddce4..89e5c0a1a 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -5,6 +5,9 @@ on: - cron: '0 6 * * *' # every day at 6 AM UTC workflow_dispatch: # optional: allows manual runs +permissions: + contents: read + jobs: goreleaser-nightly: runs-on: ubuntu-latest